From Intern to Defender: Mitchel Sykes on Identity Security, AI Risks, and Building Hands-On Cybersecurity Skills // Echelon Risk + Cyber

In line with Echelon’s value of People with Personality, we are excited to continue our Cybersecurity Champion series, where we spotlight the incredible individuals who make up our team. Each month, we share the stories of professionals whose talent, dedication, and unique perspectives help keep organizations secure.

Meet Mitchel Sykes, a Cybersecurity Consultant at Echelon Cyber + Risk. Mitchel’s journey into cybersecurity reflects how early hands-on experience, curiosity, and practical learning can shape a successful career. From exploring electronics and IT support in high school to pursuing a cybersecurity degree and transitioning from intern to full-time engineer, Mitchel has built his career around understanding how modern systems are secured and where they can fail.

What drew you to cybersecurity and how did studying at Roger Williams University, interning, and joining Echelon shape your journey here?
I started pursuing STEM pretty early. In high school, I focused on electronics and IT support, which exposed me to Linux systems and introduced me to cybersecurity concepts.
When it came time to choose a university, I specifically looked for a program that offered a dedicated cybersecurity degree rather than a general computer science path. That’s what led me to Roger Williams University, where I studied cybersecurity and built a stronger foundation in the field.
My path to Echelon actually started through a referral. A peer who worked on the offensive security team connected me with the company, and I joined as an intern on the defensive security side. That experience gave me real exposure to how cybersecurity operates in practice. I was able to graduate early and transition directly into a full-time role.
Your work at Echelon focuses heavily on cloud security and Identity & Access Management (IAM). What trends or challenges in cloud security are you paying attention to right now?
One of the biggest shifts in cybersecurity is that the traditional network perimeter is no longer the primary boundary we defend. Today, user identities are the real perimeter.
Attackers are targeting users through phishing and social engineering because compromising an identity can provide immediate access to cloud services and enterprise systems. That makes identity security one of the most critical components of modern defense strategies.
AI is also introducing new risks. Public AI models can unintentionally expose sensitive data through prompt injection or user misuse. If employees input proprietary information or client data into public models, that information could potentially become visible to others or influence the model itself.
Enterprise AI tools like Microsoft Copilot also create challenges. Because these tools interact with internal company data, users could inadvertently extract or expose sensitive information if policies and safeguards aren’t in place. Organizations need to carefully manage how these tools are deployed and how employees interact with them.
You transitioned from an internship into a full-time cybersecurity role relatively quickly. What advice would you give to students or early-career professionals trying to enter the field?
The most important thing is hands-on experience. Cybersecurity is a field where practical knowledge matters a lot.
Students should build lab environments and experiment with virtualization platforms such as VMware or Hyper-V to simulate enterprise environments. Free trials offered by colleges can also provide valuable learning opportunities.
For people interested in offensive security, platforms like Hack The Box and TryHackMe provide excellent practice environments.
Defensive security learners have fewer platforms available, but there are still blue team labs and exercises that can help build those skills.
Starting early also helps. My own path included working with technology in high school and gaining real-world experience through an internship before graduating.
Are there any resources, frameworks, or communities that have been particularly helpful in your cybersecurity journey?
I stay current by following cybersecurity news through RSS feeds and by listening to Security Weekly News, which is hosted by one of my university professors.
From a technical perspective, frameworks and standards are incredibly important. Resources like the NIST Cybersecurity Framework, NIST AI Risk Management Framework, and CIS Controls provide structured guidance for organizations trying to improve their security posture.
Those frameworks help translate security concepts into practical controls that organizations can implement.
Outside of work, how do you like spending your time?
A lot of my hobbies are still technology-related.
I enjoy attending conventions like Comic Con and Fan Expo, and I also do cosplay. I use 3D printing to build functional parts and costume props, which lets me combine creativity with technical skills.
I also play tabletop games like Magic: The Gathering and work on personal technology projects. That includes modding gaming consoles and self-hosting servers for things like virtual tabletop gaming environments.

What drew you to cybersecurity and how did studying at Roger Williams University, interning, and joining Echelon shape your journey here?

Your work at Echelon focuses heavily on cloud security and Identity & Access Management (IAM). What trends or challenges in cloud security are you paying attention to right now?

You transitioned from an internship into a full-time cybersecurity role relatively quickly. What advice would you give to students or early-career professionals trying to enter the field?

Are there any resources, frameworks, or communities that have been particularly helpful in your cybersecurity journey?

Outside of work, how do you like spending your time?